{"id":4144,"date":"2024-06-25T14:45:10","date_gmt":"2024-06-25T14:45:10","guid":{"rendered":"http:\/\/127.0.0.1\/ht-mega-absolute-addons-for-elementor-2-5-5-cross-site-scripting-almacenado-autenticado-contributor-a-traves-de-la-configuracion-del-widget-del-reproductor-de-video\/"},"modified":"2024-06-25T14:45:10","modified_gmt":"2024-06-25T14:45:10","slug":"ht-mega-absolute-addons-for-elementor-2-5-5-cross-site-scripting-almacenado-autenticado-contributor-a-traves-de-la-configuracion-del-widget-del-reproductor-de-video","status":"publish","type":"post","link":"http:\/\/127.0.0.1\/ht-mega-absolute-addons-for-elementor-2-5-5-cross-site-scripting-almacenado-autenticado-contributor-a-traves-de-la-configuracion-del-widget-del-reproductor-de-video\/","title":{"rendered":"HT Mega \u2013 Absolute Addons For Elementor <= 2.5.5 – Authenticated (Contributor+) Stored Cross-Site Scripting via the Video Player Widget Settings"},"content":{"rendered":"
Vulnerability CVE-2024-5173 affects the HT Mega \u2013 Absolute Addons For Elementor plugin for WordPress, allowing authenticated attackers with contributor-level access or higher to inject malicious web scripts into pages through the video player widget settings.\n


This stored Cross-Site Scripting vulnerability is caused by insufficient input sanitization and output escaping on user-supplied attributes. It allows an attacker with contributor-level access or higher to inject arbitrary web scripts into pages, which will execute whenever a user accesses an infected page.\n
To mitigate this risk, users are advised to update the HT Mega \u2013 Absolute Addons For Elementor plugin to the latest available version and to regularly review affected pages for malicious content. In addition, user privileges within WordPress should be granted with care to minimize the impact of attacks of this kind.\n","protected":false},"excerpt":{"rendered":"

Vulnerability CVE-2024-5173 affects the HT Mega \u2013 Absolute Addons For Elementor plugin for WordPress, allowing authenticated attackers with contributor-level access or higher to inject malicious web scripts into pages through the video player widget settings. This stored Cross-Site Scripting vulnerability is caused by insufficient sanitization […]\n","protected":false},"author":0,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[1854],"class_list":["post-4144","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-cve-2024-5173"],"yoast_head":"\nHT Mega \u2013 Absolute Addons For Elementor <= 2.5.5 - Cross-Site Scripting almacenado autenticado (Contributor+) a trav\u00e9s de la configuraci\u00f3n del widget del reproductor de video - SeguridadWordPress.es<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"http:\/\/127.0.0.1\/ht-mega-absolute-addons-for-elementor-2-5-5-cross-site-scripting-almacenado-autenticado-contributor-a-traves-de-la-configuracion-del-widget-del-reproductor-de-video\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"HT Mega \u2013 Absolute Addons For Elementor <= 2.5.5 - Cross-Site Scripting almacenado autenticado (Contributor+) a trav\u00e9s de la configuraci\u00f3n del widget del reproductor de video - SeguridadWordPress.es\" \/>\n<meta property=\"og:description\" content=\"La vulnerabilidad CVE-2024-5173 afecta al plugin HT Mega \u2013 Absolute Addons For Elementor para WordPress, permitiendo a atacantes autenticados con nivel de contribuidor o superior inyectar scripts web maliciosos en p\u00e1ginas a trav\u00e9s de 
la configuraci\u00f3n del widget del reproductor de video. Esta vulnerabilidad de Cross-Site Scripting almacenado se produce debido a una sanitizaci\u00f3n insuficiente […]\" \/>\n<meta property=\"og:url\" content=\"http:\/\/127.0.0.1\/ht-mega-absolute-addons-for-elementor-2-5-5-cross-site-scripting-almacenado-autenticado-contributor-a-traves-de-la-configuracion-del-widget-del-reproductor-de-video\/\" \/>\n<meta property=\"og:site_name\" content=\"SeguridadWordPress.es\" \/>\n<meta property=\"article:published_time\" content=\"2024-06-25T14:45:10+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"http:\/\/127.0.0.1\/ht-mega-absolute-addons-for-elementor-2-5-5-cross-site-scripting-almacenado-autenticado-contributor-a-traves-de-la-configuracion-del-widget-del-reproductor-de-video\/\",\"url\":\"http:\/\/127.0.0.1\/ht-mega-absolute-addons-for-elementor-2-5-5-cross-site-scripting-almacenado-autenticado-contributor-a-traves-de-la-configuracion-del-widget-del-reproductor-de-video\/\",\"name\":\"HT Mega \u2013 Absolute Addons For Elementor <= 2.5.5 - Cross-Site Scripting almacenado autenticado (Contributor+) a trav\u00e9s de la configuraci\u00f3n del widget del reproductor de video - 
SeguridadWordPress.es\",\"isPartOf\":{\"@id\":\"http:\/\/127.0.0.1\/#website\"},\"datePublished\":\"2024-06-25T14:45:10+00:00\",\"dateModified\":\"2024-06-25T14:45:10+00:00\",\"author\":{\"@id\":\"\"},\"breadcrumb\":{\"@id\":\"http:\/\/127.0.0.1\/ht-mega-absolute-addons-for-elementor-2-5-5-cross-site-scripting-almacenado-autenticado-contributor-a-traves-de-la-configuracion-del-widget-del-reproductor-de-video\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"http:\/\/127.0.0.1\/ht-mega-absolute-addons-for-elementor-2-5-5-cross-site-scripting-almacenado-autenticado-contributor-a-traves-de-la-configuracion-del-widget-del-reproductor-de-video\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"http:\/\/127.0.0.1\/ht-mega-absolute-addons-for-elementor-2-5-5-cross-site-scripting-almacenado-autenticado-contributor-a-traves-de-la-configuracion-del-widget-del-reproductor-de-video\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"http:\/\/127.0.0.1\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"HT Mega \u2013 Absolute Addons For Elementor <= 2.5.5 – Cross-Site Scripting almacenado autenticado (Contributor+) a trav\u00e9s de la configuraci\u00f3n del widget del reproductor de video\"}]},{\"@type\":\"WebSite\",\"@id\":\"http:\/\/127.0.0.1\/#website\",\"url\":\"http:\/\/127.0.0.1\/\",\"name\":\"SeguridadWordPress.es\",\"description\":\"Recopilaci\u00f3n de vulnerabilidades WordPress.\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"http:\/\/127.0.0.1\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"HT Mega \u2013 Absolute Addons For Elementor <= 2.5.5 - Cross-Site Scripting almacenado autenticado (Contributor+) a trav\u00e9s de la configuraci\u00f3n del widget del reproductor de video - SeguridadWordPress.es","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"http:\/\/127.0.0.1\/ht-mega-absolute-addons-for-elementor-2-5-5-cross-site-scripting-almacenado-autenticado-contributor-a-traves-de-la-configuracion-del-widget-del-reproductor-de-video\/","og_locale":"en_US","og_type":"article","og_title":"HT Mega \u2013 Absolute Addons For Elementor <= 2.5.5 - Cross-Site Scripting almacenado autenticado (Contributor+) a trav\u00e9s de la configuraci\u00f3n del widget del reproductor de video - SeguridadWordPress.es","og_description":"La vulnerabilidad CVE-2024-5173 afecta al plugin HT Mega \u2013 Absolute Addons For Elementor para WordPress, permitiendo a atacantes autenticados con nivel de contribuidor o superior inyectar scripts web maliciosos en p\u00e1ginas a trav\u00e9s de la configuraci\u00f3n del widget del reproductor de video. Esta vulnerabilidad de Cross-Site Scripting almacenado se produce debido a una sanitizaci\u00f3n insuficiente […]","og_url":"http:\/\/127.0.0.1\/ht-mega-absolute-addons-for-elementor-2-5-5-cross-site-scripting-almacenado-autenticado-contributor-a-traves-de-la-configuracion-del-widget-del-reproductor-de-video\/","og_site_name":"SeguridadWordPress.es","article_published_time":"2024-06-25T14:45:10+00:00","twitter_card":"summary_large_image","twitter_misc":{"Est. 
reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"http:\/\/127.0.0.1\/ht-mega-absolute-addons-for-elementor-2-5-5-cross-site-scripting-almacenado-autenticado-contributor-a-traves-de-la-configuracion-del-widget-del-reproductor-de-video\/","url":"http:\/\/127.0.0.1\/ht-mega-absolute-addons-for-elementor-2-5-5-cross-site-scripting-almacenado-autenticado-contributor-a-traves-de-la-configuracion-del-widget-del-reproductor-de-video\/","name":"HT Mega \u2013 Absolute Addons For Elementor <= 2.5.5 - Cross-Site Scripting almacenado autenticado (Contributor+) a trav\u00e9s de la configuraci\u00f3n del widget del reproductor de video - SeguridadWordPress.es","isPartOf":{"@id":"http:\/\/127.0.0.1\/#website"},"datePublished":"2024-06-25T14:45:10+00:00","dateModified":"2024-06-25T14:45:10+00:00","author":{"@id":""},"breadcrumb":{"@id":"http:\/\/127.0.0.1\/ht-mega-absolute-addons-for-elementor-2-5-5-cross-site-scripting-almacenado-autenticado-contributor-a-traves-de-la-configuracion-del-widget-del-reproductor-de-video\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["http:\/\/127.0.0.1\/ht-mega-absolute-addons-for-elementor-2-5-5-cross-site-scripting-almacenado-autenticado-contributor-a-traves-de-la-configuracion-del-widget-del-reproductor-de-video\/"]}]},{"@type":"BreadcrumbList","@id":"http:\/\/127.0.0.1\/ht-mega-absolute-addons-for-elementor-2-5-5-cross-site-scripting-almacenado-autenticado-contributor-a-traves-de-la-configuracion-del-widget-del-reproductor-de-video\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"http:\/\/127.0.0.1\/"},{"@type":"ListItem","position":2,"name":"HT Mega \u2013 Absolute Addons For Elementor <= 2.5.5 – Cross-Site Scripting almacenado autenticado (Contributor+) a trav\u00e9s de la configuraci\u00f3n del widget del reproductor de 
video"}]},{"@type":"WebSite","@id":"http:\/\/127.0.0.1\/#website","url":"http:\/\/127.0.0.1\/","name":"SeguridadWordPress.es","description":"Recopilaci\u00f3n de vulnerabilidades WordPress.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"http:\/\/127.0.0.1\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"}]}},"amp_enabled":true,"_links":{"self":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/4144"}],"collection":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/comments?post=4144"}],"version-history":[{"count":0,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/4144\/revisions"}],"wp:attachment":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/media?parent=4144"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/categories?post=4144"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/tags?post=4144"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}